Congress boots up bills to stop government from engaging in ‘massive hacking’

_________________________________________________________________________
GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET

A change in federal rules governing treatment of computer data has mobilized congressmen of both parties to support legislation intended to stop the government from “massive hacking” of private computers.

Introduced last week in the House of Representatives, the Stop Mass Hacking Act has been referred to the House Judiciary Committee. Sponsors of the bill, including Reps. Ted Poe (R-Texas), John Conyers (D-Mich.) and Blake Fahrenthold (R-Texas), say it would reverse the Justice Department’s efforts to amend Rule 41 of the Federal Rules of Criminal Procedure.

Fahrenthold’s communications director, Elizabeth Peace, told AMI Newswire that the congressman has not yet been given a hearing date by the Judiciary Committee. She said more co-sponsors would sign on to the bill.

“Until their signatures are on paper, I won’t be able to give out names,” Peace said, “but they are big hitters.”

Approved by the U.S. Supreme Court at the end of April, the Rule 41 change would allow magistrate judges the power to issue warrants to seize electronic media outside their jurisdictions, which is usually confined to a couple of counties. Such warrants could be issued under two conditions: when the location of the information source has been hidden by technological means, such as online anonymity tools, and when target computers are infected with malicious software and located in at least five districts.

The latter exception involves the criminal creation of a botnet – that is, a network of citizens’ computers that are hijacked by remote control without the owners’ knowledge. The controllers can then use those computers for their own purposes, such as sending out spam messages or engaging in “ransomware,” which is malicious software that blocks access to people’s computers until they pay a fee.

Under the system of procedural changes now in place, the Rule 41 change can be blocked only if Congress acts prior to Dec. 1.

“Americans have rights,” Poe said in a prepared statement when the Stop Mass Hacking Act was introduced. “It is Congress’ responsibility to safeguard the constitutional rights of the people they represent from a power-hungry executive branch. As such, we are moving to stop this change that condones hacking the property of the very people we are entrusted to protect.”

Justice Department officials, however, see the rule change as the logical conclusion of a three-year process that sought public testimony and received approval from the Committee on Rules of Practice and Procedure, an advisory panel made up of private attorneys, law professors and judges.

“The amendment would not authorize the government to undertake any search or seizure or use any remote search technique not already permitted under current law,” department spokesman Peter Carr told AMI Newswire Tuesday, “and the amendment does not change any of the traditional protections and procedures, such as the requirement that the government establish probable cause.”

Carr mentioned the example of criminals who sexually exploit children and then upload videos for others to view. If they are concealing their location, the rule change would allow agents to go to the appropriate magistrate to get a warrant so that the agents can pinpoint the criminals’ whereabouts, he said. The Justice Department spokesman added that a recent investigation of a similar nature led to the rescue of 38 children who were the victims of sexual abuse.

In the case of botnets, Carr said, the new rule would allow investigators to get a warrant from a single federal judge to thwart the criminal network, as opposed to filing separate warrant applications in all of the 94 federal districts. “That duplication of effort makes no sense,” he said.

This sentiment echoes testimony by Richard Downing, the deputy assistant attorney general, who testified before the Senate Judiciary Committee last month.

“While this amendment would not change the substantive authority to authorize such a warrant, it would eliminate needless inefficiency in the process of applying for this sort of warrant,” Downing said.

Still, some congressional representatives want lawmakers to thoroughly review the rule change, which they see as having far-reaching effects.

“This rule change is designed to streamline investigative techniques that allow law enforcement to gain unauthorized access and control to remote computer systems,” Conyers said in a prepared statement. “Until Congress has had an opportunity to examine this proposal in detail – and until we have adequately addressed the privacy concerns raised by my colleagues – this rule change should not take effect.”

Others in Congress say that, under the revised rule, a single warrant issued by a judge could lead to the search of thousands or even millions of devices both within the United States and abroad. They see the rule as a dramatic expansion of investigative powers, leading to concerns involving both privacy and the Fourth Amendment.

A companion bill, backed by Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.), is awaiting Senate Judiciary Committee review. A number of businesses and organizations, including the American Civil Liberties Union, Google and the Electronic Frontier Foundation, oppose the rule change.